[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Safe destinations

Gregory Maxwell wrote:
There are many people who would like to run tor exits but whom don't
because of the inevitable flood of abuse complaints.


At the same time, there are a great many high traffic destinations on
the internet which have little to no complaint potential because they
are effectively read-only or are otherwise understood to be
tor/anonymity friendly.


Examples include most news sites, virtually all CDN services (used to
distribute images by large sites), freenode IRC, Wikipedia, other
anonymity services, search engines, and probably most instant
messaging networks (?).


Right now nodes can attempt to exit to only to safe locations and
protocols by carefully crafting their exit policies but this takes a
fair amount of work to maintain, clutters up the directories, and
risks making the exit look like a single-purpose-password-sniffer.

Disagreed. I'm not sure how a limited exit policy makes a defacto statement about the intent of the administrator. Any exit node could be used for cleartext snooping. Even a node with permissive exit policies can be snooped selectively.

How awful would it be to create a community managed list of 'safe
destinations' distributed by the directory servers as a single object
which exit operators could include in in their exit policies and
further refine with local rules?

Some exit operators would likely switch to safe-mode, reducing the
total amount of universal-exit capacity but if the safe list included
enough high traffic sites it would probably more than offset the loss
and arguably anyone who switched was likely to quit in any case.

Gregory, while the behavioral outcome of what you are proposing is speculation, you would also have to expect that many (some) non exit relays would choose to exit to safe services. My guess is that overall network bandwidth would go up.

A community maintained list, not associated with the Tor Project, might provide an answer. We could easily dig up all the IP/port information needed to create "safer" exit policies.

I still like the idea of allowing administrators the ability to create a rule in the form of:

   Accept *.google.com:80
   Accept *.google.com:443

From my standpoint it seems most functional from an exit node operator's standpoint.

From a technical standpoint I have little idea what it means to the directory for additional rules like this to be included. At face value it may be trivial (please notice the word "may"). I'm also not a good enough programmer, so I really can't dive into the Tor source and be able to tell the issues involved with my suggested *.domain.tld:port statement.

I've been doing a little code monkeying in python with the idea of being able to create a list of *.domain.tld:port lists with an automated output to torrc followed by a HUP. Sadly, in order to pull this off with any real elegance, I need to be able to get a zone transfer from the target domain's name server- which is not likely. However, it does work on my own domains and name server. So the concept at least works for local domains.

At this point it's still easier to grope for the DNS information, and construct IP:port exit rules by hand.